As far as I can tell, Wget only provides the following methods to
provide a HTTP password:

1. as part of the URL
2. with --http-password / --password
3. using ~/.netrc
4. using --use-askpass
5. using --ask-password

The problem is that 1 & 2 expose the password in the process table, while ~/.netrc is a centralised resource that may not be editable by a script. 4 & 5 are interactive, and while I could provide an ad-hoc askpass script, this is a gross hack.

It'd be awesome if Wget could provide one or more of the following methods to provide the password:

1. read it from $WGET_PASSWORD
2. read it from a specific file
3. read it from a netrc-style file that is not ~/.netrc
4. let --use-askpass specify parameters to the script/binary to invoke

and that works, but it's a hack that I think could be rendered
obsolete by Wget functionality. Lftp and cURL both provide ways to either read from the environment, or to override the netrc filename.
Lftp furthermore can be scripted itself, which solves the problem
in its own way.